CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-10267: Information Disclosure in transformeroptimus/superagi

7.5 CVSS

Description

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user information, including names, emails, and passwords, by attempting to register a new account with an email that is already in use. The server returns all information associated with the existing account. The vulnerable endpoint is located in the user registration functionality.

Classification

CVE ID: CVE-2024-10267

CVSS Base Severity: HIGH

CVSS Base Score: 7.5

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem Types

CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

Affected Products

Vendor: transformeroptimus

Product: transformeroptimus/superagi

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 12.33% (scored less or equal to compared to others)

EPSS Date: 2025-04-18 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-10267
https://huntr.com/bounties/13da8366-4670-4d46-9f5a-ba3f642b692e

Timeline

2025-03-20 11:40:12 UTC
CVE

Information Disclosure in transformeroptimus/superagi